I am using web API .net core 3.1, my case is that when a user logs out I will put that user's JWT token in a blacklist that is stored in the database so that the JWT token cannot be accessed into the system even though it has not expired.
Currently, I put the 'CheckJWTTokenInBlacklist' function in each API function as shown below.
[Authorize]
[HttpPost]
public ActionResult Add(OrderRequest req)
{
if (ModelState.IsValid)
{
string token = HttpContext.Response.Headers["Authorization"];
if (_coffeeToken.CheckJWTTokenInBlacklist(token) == false) //Check whether the token is blacklisted.
{
//token is not in blacklist
}
else
{
// token is in blacklist
}
}
return BadRequest(ModelState);
}
I think this is not the best way since every API needs JWT tokens I have to set the above check function. Are there better ways?
Thank you !!